Re: Npcap 0.04 call for test

[Yang Luo <hsluoyb () gmail com>]

Hi,

Npcap 0.04 r7 is released.

1) One change is that PCAP_IF_LOOPBACK is set for "Npcap Loopback Adapter"
in DLT_NULL mode in Npcap 0.04 r7. So if you install Npcap with DLT_NULL
mode checked, you can see "Npcap Loopback Adapter" is listed in the last
row of Wireshark UI.

2) Another change is that I have included the 802.1Q VLAN capture support
provided by Nobori's Win10Pcap. You will see the "VLAN Support" option in
the installation and it's checked by default. I didn't test it because I
didn't have a network that can send me VLAN tagged traffic, hope any test
about this feature or any ideas about how to test it.

Latest installer is at:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04-r7.exe

Cheers,
Yang

On Tue, Aug 25, 2015 at 1:12 AM, Guy Harris <guy () alum mit edu> wrote:

> On Aug 24, 2015, at 6:08 AM, Yang Luo <hsluoyb () gmail com> wrote:
>
> > I have looked at all occurrences of PCAP_IF_LOOPBACK in Npcap's
> wpcap.dll code at
> https://github.com/nmap/npcap/search?utf8=%E2%9C%93&q=PCAP_IF_LOOPBACK,
> it seems that this property is never effectively used inside wpcap.dll's
> code.
>
> In fad-win32.c, pcap_add_if_win32() is used by pcap_findalldevs(), and
> pcap_add_if_win32() calls add_or_find_if() in inet.c, and add_or_find_if()
> uses PCAP_IF_LOOPBACK.
>
> That shows up in the GitHub search done with the URL you specify.
>
> > In Wireshark's WinPcap official trunk, it is totally unused except some
> prints. See:
> https://github.com/wireshark/winpcap/search?utf8=%E2%9C%93&q=PCAP_IF_LOOPBACK
> .
>
> That's because Wireshark's WinPcap official trunk only includes the
> WinPcap driver, the WinPcap packet.dll DLL, and the WinPcap routines that
> aren't already part of the official libpcap source - fad-win32.c and inet.c
> are both part of the official libpcap source:
>
>
> https://github.com/the-tcpdump-group/libpcap/blob/master/fad-win32.c
>
>         https://github.com/the-tcpdump-group/libpcap/blob/master/inet.c
>
> > So currently PCAP_IF_LOOPBACK is never set in any pcap_if_t struct for
> WinPcap and Npcap.
>
> That should be fixed.
>
> > And It seems to work fine without setting it. Where would Wireshark use
> this PCAP_IF_LOOPBACK  for?
>
> 1) WinPcap *itself* uses it to ensure that loopback interfaces sort after
> non-loopback interfaces, so that if a machine has both "real" and loopback
> interfaces active, the default interface won't end up being a loopback
> interface;
>
> 2) Wireshark uses it to flag interfaces as being loopback interfaces in
> some places (see the uses of the "loopback" flag in the if_info_t
> structure).
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe